London Storage Privacy Policy and GDPR Information

This Privacy Policy explains how London Storage collects, uses, shares and protects the personal data of all London Storage customers in our service area. It also explains your rights under the UK General Data Protection Regulation and related data protection laws. By using our services, visiting our premises or interacting with us, you acknowledge that you have read and understood this Privacy Policy.

Scope of this Privacy Policy

This Privacy Policy applies to all London Storage customers, prospective customers, former customers, and visitors in our service area whose personal data we process in connection with our self-storage and related services. This includes individuals who contact us for quotations, make bookings, enter into storage agreements, visit our facilities, or otherwise use or enquire about our services.

Who we are and data controller responsibility

London Storage is the organisation responsible for deciding how and why your personal data is used. For the purposes of applicable data protection laws, London Storage is the data controller for the personal data described in this Privacy Policy. Where we use third parties to process personal data on our behalf, they act as our data processors and must follow our instructions and comply with appropriate data protection obligations.

Categories of personal data we collect

We collect and process different types of personal data depending on your relationship with us and how you interact with our services. The categories of data we may collect include:

Identification and contact data, such as your full name, postal address, billing address, and any other contact details you choose to provide.

Account and contract data, such as customer reference numbers, storage unit numbers, contract start and end dates, payment status, and communications relating to your storage agreement.

Payment and billing data, such as partial payment card details or bank details to process payments and refunds, payment history, and invoices. We do not store full payment card numbers when processed via secure third party payment processors.

Verification and security data, such as proof of identity or proof of address that you provide, vehicle registration numbers where required for site access, access logs, and security codes or tokens used to enter our facilities.

Usage and technical data, such as your interactions with our website or online services, IP address, device information, and basic analytics data generated through your use of our digital services.

Communications data, such as enquiries, complaints, feedback, and any correspondence you have with us by post or in person.

On-site CCTV images, where we use closed circuit television at our premises for security and safety purposes. CCTV may capture images of customers, visitors and vehicles in and around our facilities.

How we collect your personal data

We collect personal data directly from you when you request information, make a booking, enter into a contract, visit our sites, make a payment, or communicate with us. We may also collect data from your use of our website and online tools. In some cases, we receive personal data from third parties such as payment processors, credit reference agencies, law enforcement or regulatory bodies, or other individuals who have authority to act on your behalf.

Lawful bases for processing your data

We process your personal data only where we have a lawful basis under data protection laws. Depending on the context, we may rely on the following lawful bases:

Performance of a contract. We process personal data where it is necessary to enter into or perform a contract with you, such as administering your storage agreement, taking payments and providing customer service.

Compliance with legal obligations. We process personal data where we must comply with legal or regulatory duties, such as tax and accounting rules, lawful requests from authorities, or obligations related to security and health and safety.

Legitimate interests. We process personal data where it is necessary for our legitimate business interests or those of a third party, and where your interests and fundamental rights do not override those interests. Our legitimate interests include securing our premises, preventing fraud and misuse, managing our business operations, improving our services, and maintaining accurate records.

Consent. In limited circumstances, we may rely on your consent, for example for certain direct marketing communications where this is required by law. Where we rely on consent, you can withdraw it at any time.

Purposes for which we use personal data

We use your personal data for the following purposes:

To provide, manage and administer your storage services and any related services you request.

To set up and maintain your customer account and manage payments, refunds and billing queries.

To verify your identity and eligibility to use our services, and to manage security and access to our premises.

To respond to enquiries, handle complaints, and provide customer support.

To manage our business operations, including accounting, auditing, reporting and internal administration.

To maintain the safety and security of our sites, staff, customers and property, including through CCTV monitoring and access controls.

To comply with legal and regulatory obligations, including the prevention and detection of crime, fraud and misuse of our services.

To send you information about our services that is relevant to your existing relationship with us, where permitted by law, and to manage your communication preferences.

Data retention and storage periods

We keep your personal data only for as long as is necessary for the purposes for which it was collected, including to meet legal, accounting or reporting requirements. The applicable retention period will depend on the type of data and our legal obligations.

Customer account and contract records are generally retained for a period after the end of your storage agreement to deal with any queries, disputes or legal claims. Financial and transaction records are retained for the period required by tax and accounting laws. CCTV footage is retained for a limited period that is proportionate to our security needs, unless a longer retention period is required for the investigation of an incident.

When we no longer need your personal data, we will securely delete, anonymise or otherwise dispose of it in accordance with our data retention policies.

Data processors and third party sharing

We may share your personal data with trusted third parties who provide services to us and act as our data processors. These may include payment processing providers, IT and cloud service providers, security and access control providers, customer management and communication platforms, and professional advisers such as accountants or auditors.

Our processors are only allowed to process your personal data on our instructions, for specified purposes, and must implement appropriate technical and organisational measures to protect your data.

We may also share personal data with other third parties where required by law, for example with law enforcement or regulatory authorities, or where it is necessary to protect our rights, property or the safety of our customers and staff. In some situations, we may share data with insurers, legal advisers or relevant third parties in connection with claims, disputes or legal proceedings.

International transfers

Where we transfer personal data outside the United Kingdom or European Economic Area, we will ensure that appropriate safeguards are in place to protect your data in accordance with data protection laws. These safeguards may include the use of standard contractual clauses or transfers to countries that have been recognised as providing an adequate level of data protection.

Your data protection rights

Under data protection laws, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions. These rights include:

The right of access. You can request confirmation of whether we process your personal data and obtain a copy of that data, together with information about how we use it.

The right to rectification. You can request that inaccurate or incomplete personal data is corrected or updated.

The right to erasure. In certain circumstances, you can request that we delete your personal data, for example where it is no longer needed for the purposes for which it was collected or where you withdraw consent and there is no other legal basis for processing.

The right to restriction of processing. You can request that we temporarily restrict the use of your personal data in certain situations, such as where the accuracy of the data is contested.

The right to data portability. In some cases, you can request that we provide your personal data in a structured, commonly used and machine-readable format, or that we transmit it to another controller, where technically feasible.

The right to object. You can object to our processing of your personal data where we are relying on legitimate interests or performing a task in the public interest, and we will consider your objection. You have an absolute right to object to direct marketing at any time.

The right to withdraw consent. Where we rely on your consent to process personal data, you can withdraw your consent at any time. This will not affect the lawfulness of processing that took place before consent was withdrawn.

Security of your personal data

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include access controls, secure storage, staff training and the use of suitable technologies and procedures. While we strive to protect your data, no system can be completely secure, and we cannot guarantee absolute security.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. Any changes will take effect from the date the updated Privacy Policy is made available. We encourage you to review this Privacy Policy periodically so that you remain informed about how we use and protect your personal data.